- https://blogs.oracle.com/security/en..._cve_2016_0636
Mar 23, 2016 - "Oracle released Security Alert CVE-2016-0636* to address a vulnerability affecting Java SE in web browsers on desktops. This vulnerability has received a CVSS Base Score of 9.3 and is remotely exploitable without authentication. A successful exploitation of this vulnerability would typically require an unsuspecting user running an affected version of Java SE to visit a malicious web site. Oracle recommends customers apply this Security Alert as soon as possible..."
> https://web.nvd.nist.gov/view/vuln/d...=CVE-2016-0636

Oracle Security Alert for CVE-2016-0636
- http://www.oracle.com/technetwork/to...6-2949497.html
"This Security Alert addresses CVE-2016-0636, a vulnerability affecting Java SE running in web browsers on desktops... This vulnerability may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. To be successfully exploited, an unsuspecting user running an affected release in a browser will need to visit a malicious web page that leverages this vulnerability. Successful exploits can impact the availability, integrity, and confidentiality of the user's system. Due to the severity of this vulnerability and the public disclosure of technical details, Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible..."

Java 8 Update 131 released

- https://www.java.com/en/download/faq...erversions.xml
"... We highly recommend that you uninstall all older versions of Java from your system. Keeping old versions of Java on your system presents a serious security risk. Uninstalling older versions of Java from your system ensures that Java applications will run with the latest security and performance improvements on your system..."

... -if- you still need to use Java at all. If not - uninstall it!
___

Java 8 u144 released

FYI...

End of Public Updates for Oracle JDK 8
> http://www.oracle.com/technetwork/java/eol-135779.html
Sep 12, 2017 - "... Oracle will not post further updates of Java SE 8 to its public download sites for commercial use after September 2018. Customers who need continued access to critical bug fixes and security fixes as well as general maintenance for Java SE 8 or previous versions can get long term support through Oracle Java SE Advanced, Oracle Java SE Advanced Desktop, or Oracle Java SE Suite. All other users are recommended to upgrade to the latest major releases of the Oracle JDK or OpenJDK.
Oracle does -not- plan to migrate desktops from Java 8 to Java 9 through the auto update feature. Instead of relying on a pre-installed standalone JRE, we will begin encouraging application developers to deliver JREs with their applications. More details will be made available through early 2018...
Long Term Support...
** Java SE 9 will be a short term release, and users should immediately transition to the next release (18.3) when available.
*** Oracle has proposed a new version scheme (YY.M) starting in March, 2018. Java SE 18.3 will be a short term release and users should transition to the next release when available."
___

- http://www.oracle.com/technetwork/se...l#AppendixJAVA
"This Critical Patch Update contains -32- new security fixes for Oracle Java SE. 28 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials..."

- https://java.com/en/download/help/firefox_java.xml
Browser(s): Firefox
Java version(s): 7.0, 8.0
"Mozilla offers an Extended Support Release (ESR) version of Firefox specifically for use by organizations who need extended support for mass deployments. Only Mozilla Firefox 52 ESR 32-bit release will continue offering support for the standards-based plugin support technology required to launch Java Applets. To see if you are using an ESR release, check the Firefox menu item (Help -> About) and look for the "ESR" identifier."
___

... -if- you still need to use Java at all. If not - uninstall it!

Last edited by AplusWebMaster; 2017-09-23 at 16:24.

The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...